Description
This article explains how to check whether a deep inspection is performed using the browser and Wireshark.
Solution
How to check, using the browser:
- Deep inspection is not performed:
Navigate to the URL. Then select the button next to the URL:
and select the 'Connection' button:
The certificate is verified by a public CA trusted by the browser (Dicicert Inc). Therefore, deep inspection is not performed.
2. Deep inspection is performed
Navigate to the URL. Then select the button next to the URL:
and select the 'Connection' button:
'Verified by: Fortinet' means that deep inspection is performed, since 'Fortinet' is not a public CA.
How to check, using Wireshark:
It is not always possible to check whether a deep inspection is performed using the browser. Alternatively, it is also possible to check whether a deep inspection is performed using Wireshark:
- Deep inspection is not performed:
- Open a pcap file in Wireshark.
- Trace the TLS session and find a packet with a certificate.
- Expand 'Transport Layer Security' field and find trusted public CA certificates.
2. Deep inspection is performed:
- Open a pcap file in Wireshark.
- Trace the TLS session and find a packet with a certificate.
- Expand the 'Transport Layer Security' field and find the self-signed CA certificate.
In the case of TLS 1.3, the certificate is encrypted.
